August 4, 2008 10:59 AM PDT

Feedburner under fire for easy hacking of subscription counters

by Josh Lowensohn

On Monday Joop Dorresteijn, contributing editor at The Next Web, unveiled a vulnerability in Google-owned feed tracking service Feedburner that lets anyone with some basic copy and paste skills and a Netvibes account pump up their blog subscriber numbers into the hundreds of thousands.

The "hack" is a two-step affair, involving first tweaking an OPML file that lists your subscriptions, then subscribing to said feed in a simple feed-aggregation tool like Netvibes or My Yahoo. The data will then be fed through Feedburner's counters overnight, with the freshly increased numbers showing up the next morning.

Google is likely to fix the loophole by changing the way subscriptions are counted, either by tracking them on a per-service basis or by using a more extensive security system that links each subscription to a central account system. In the meantime, the easiest way to spot blogs that have done this will likely be to keep an eye on abnormally large influxes of subscriptions within a 24-hour period.
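The 24-hour influx check described above, as an added example (not code from the article, Feedburner or Netvibes): each day's subscriber gain is compared with the median and median absolute deviation of that feed's own recent gains, so a large but steadily growing feed is not flagged. The function name, the tuning values and the sample counts are assumptions constructed for illustration.

```python
from statistics import median


def flag_subscriber_spikes(daily_counts, window=7, k=6.0, min_jump=50):
    """Return [(day_index, gain)] for days whose 24-hour subscriber gain is
    far outside the feed's own recent history.

    daily_counts: subscriber totals, one reading per day, oldest first.
    window, k and min_jump are assumed tuning values, not Feedburner's.
    """
    gains = [b - a for a, b in zip(daily_counts, daily_counts[1:])]
    flagged = []
    baseline = []  # gains from days that were NOT flagged
    for i, gain in enumerate(gains):
        recent = baseline[-window:]
        if len(recent) >= 3:  # need some history before judging a day
            med = median(recent)
            mad = median(abs(g - med) for g in recent)
            # 1.4826 * MAD approximates a standard deviation; the floor of
            # 1.0 keeps a perfectly flat feed from having zero spread.
            spread = max(1.4826 * mad, 1.0)
            threshold = med + max(k * spread, min_jump)
            if gain > threshold:
                flagged.append((i + 1, gain))
                continue  # keep the spike out of the baseline
        baseline.append(gain)
    return flagged


# Constructed sample data: a small blog whose count jumps overnight.
SMALL_BLOG = [1200, 1212, 1209, 1225, 1231, 1240, 1238, 1251,
              148900, 148912, 148920]
# Constructed sample data: a popular feed with large but steady growth.
POPULAR_FEED = [50000, 50480, 51010, 51500, 52020, 52490, 53010, 53500]

if __name__ == "__main__":
    for name, counts in (("small blog", SMALL_BLOG),
                         ("popular feed", POPULAR_FEED)):
        print(name, flag_subscriber_spikes(counts))
```

Because flagged days are left out of the baseline, a second inflated jump a few days later is still measured against the feed's normal growth rather than against the first spike.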

You can see a video of how to do this with your own blog below; just keep in mind that Google is likely to patch this shortly, although it has yet to acknowledge the vulnerability on the company's Feedburner product blog.


Feedburner hacked! from Boris Veldhuijzen van Zanten on Vimeo.
Josh Lowensohn is an associate editor for Webware.com, CNET's blog about cool and otherwise useful Web applications and services. If you've found a site you'd like profiled, shoot him an e-mail.

by franckmahon August 5, 2008 8:47 AM PDT
Hi Josh,
We are working on a fix to filter out the duplicates on our end, but it's true that any tracking system is easily hackable; it doesn't even require an additional tool since spoofed HTTP requests can even do the trick.

Best,
Franck Mahon
VP Product Development, Netvibes